View network traffic (by port number)
To view web traffic (for example) use tcpdump -s 0 -w - port 80 | tcpdump -r - -A

cat list-1 list-2 list-3 | sort | uniq > final.list

Debug bash scripts by running them with the -x option, for example: bash -x scriptname.sh

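    #!/bin/bash
    # Rename every entry in the directory given as $1 to its lowercase name.
    DIR=$1
    for a in "$DIR"/*
    do
        base=${a##*/}
        fname=$(printf '%s' "$base" | tr 'A-Z' 'a-z')
        # Skip names that are already lowercase; -n never overwrites an existing file
        [ "$base" = "$fname" ] || mv -n -- "$a" "$DIR/$fname"
    done
    exit 0
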
“Yes, I’m paranoid — but am I paranoid enough?” ― David Foster Wallace, Infinite Jest

Hardening Public Servers

Install system accounting
On Debian based systems run 'apt-get install acct', then you can use the commands lastcomm and sa to see who ran various commands. A log file will also be written to /var/log/account/pacct

Remove compilers from production servers
Use the command 'apt-get --purge remove gcc'

Setup remote logging
See http://www.thegeekstuff.com/2012/01/rsyslog-remote-logging/ to find out how

Install fail2ban
Linux.com has a good intro to fail2ban: http://www.linux.com/learn/tutorials/469597-weekend-project-keep-out-repeat-offenders-with-fail2ban-on-linux

    # .bash_profile

    # Get the aliases and functions
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi

    # User specific environment and startup programs
    PATH=$PATH:$HOME/bin:/sbin
    # JAVA_HOME must name the JDK directory, not the java binary
    export JAVA_HOME=/usr/java/jdk1.6.0_05
    export PATH=$PATH:/usr/java/jdk1.6.0_05/bin
    export HISTIGNORE="&"
    export EDITOR=nano
    export PATH
    unset USERNAME

    alias rm='rm -i'
    alias cp='cp -i'
    alias ls='ls --color'
    alias zf='zf.sh'

    echo -e "\033[36m########################## \033[0m"
    echo -e "\033[36mServer $HOSTNAME \033[0m"
    echo -e "\033[36mWelcome back $USER \033[0m"
    echo -e "\033[36musers logged in: \033[0m"
    echo -e "\033[36m `users` \033[0m"
    echo -e "\033[36m`uptime` \033[0m"
    echo […]

Here is my typical .bashrc file

    # .bashrc

    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi

    # append commands to bash_history (when using more than one window)
    shopt -s histappend
    PROMPT_COMMAND='history -a'

    # User specific aliases and functions
    PATH=$PATH:$HOME/bin:/sbin
    #export JAVA_HOME=/usr/java/jdk1.6.0_05/bin/java
    export HISTIGNORE="&"
    export EDITOR=nano
    export PATH
    unset USERNAME

    #function PWD {
    #pwd | awk -F\/ '{print $(NF-1),$(NF)}' | sed 's/ /\\//'
    #}
    #export PS1="\[\033[0;32m\]\u@\h \[\033[33m\]\$(pwd 3)\[\033[0m\] \$ ";

watch httpd for connected clients

    watch "netstat -anpt | grep httpd | grep ESTABLISHED | cut -b45-60 | cut -d':' -f1 | sort"

OR

    netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1

You can use this simple script to test mod_evasive is installed and running. I didn’t write this but forgot where I found it. Sorry for the lack of credit where it’s due.

    #!/usr/bin/perl
    # test.pl: small script to test mod_dosevasive's effectiveness
    use IO::Socket;
    use strict;

    for (0..100) {
        my ($response);
        my ($SOCKET) = new IO::Socket::INET(
            Proto    => "tcp",
            PeerAddr => "w3.fiendishplan.com:80");
        if (!defined $SOCKET) { die $!; }
        print $SOCKET "GET /?$_ HTTP/1.0\n\n";
        # Read the status line; it turns into a 403 once mod_evasive starts blocking
        $response = <$SOCKET>;
        print $response;
        close($SOCKET);
    }

mod_rewrite rule: if you create a folder it can be used as a subdomain

    RewriteCond %{HTTP_HOST} !^www\.website\.com$
    RewriteCond %{HTTP_HOST} ^(.*)\.website\.com(.*) [NC]
    RewriteCond %{DOCUMENT_ROOT}/%1 -d
    RewriteRule ^(.*)$ http://www.website.com/%1$1 [P,L]

requires both mod_rewrite and mod_proxy to be running

1. Forcing www for a domain while preserving subdomains

    RewriteCond %{HTTP_HOST} ^([a-z.]+)?example\.com$ [NC]
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule .? http://www.%1example.com%{REQUEST_URI} [R=301,L]

Site has permanently moved to new domain

    # domain.com to domain2.com
    RewriteCond %{HTTP_HOST} ^www\.domain\.com$ [NC]
    RewriteRule ^(.*)$ http://www.domain2.com/$1 [R=301,L]

    RewriteEngine on
    RewriteCond /your/docroot/%{REQUEST_FILENAME} !-f […]

    apt-get install libapache2-mod-evasive

In /etc/apache2/conf.d create a file called modevasive with the following:

    <IfModule mod_evasive20.c>
        DOSHashTableSize 3097
        DOSPageCount 2
        DOSSiteCount 50
        DOSPageInterval 1
        DOSSiteInterval 1
        DOSBlockingPeriod 10
        DOSLogDir /var/log/mod_evasive
        DOSEmailNotify ADD_EMAIL
        DOSWhitelist 127.0.0.1
    </IfModule>

Remember, when setting up certbot using nginx, to turn off the line in your config that blocks files that start with a dot (.). This line:

    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }

A good guide can be found here: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

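An alternative to switching the rule off, shown as an added example that is not from the original post: keep dotfiles blocked and exempt only the ACME challenge path. It assumes certbot is run in webroot mode; the server name and the webroot directory are placeholders.

```nginx
server {
    listen 80;
    server_name example.com;              # placeholder domain

    # Serve only the ACME HTTP-01 challenge files. The ^~ modifier makes nginx
    # stop here for this prefix and skip regex locations, so the dotfile rule
    # below is never evaluated for challenge requests.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;        # assumed path, the same one given to: certbot certonly --webroot -w
        default_type "text/plain";
        try_files $uri =404;
    }

    # Every other path containing a dot-prefixed component stays denied,
    # which keeps things like .git, .env and .htpasswd from being served.
    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }
}
```

Run nginx -t before reloading to confirm the configuration parses.
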
To test that SSL is set up correctly, run the following: openssl s_client -connect IP_OR_DOMAIN_NAME:443

If you want to check if a particular port is open, run

    nmap -p PORT_NUMBER IP_OR_DOMAIN_NAME

for example

    nmap -p 80 example.com

To use nmap to check if a port is open:

for tcp

    nmap -p port ipaddress

for udp

    nmap -sU -p port ipaddress

If you are looking to migrate from GitHub, here are some of the best alternatives to GitHub for hosting the source code of your open-source project.

In around 15 minutes, the time it takes to install Ubuntu Server Edition, you can have a LAMP (Linux, Apache, MySQL and PHP) server up and ready to go. This feature, exclusive to Ubuntu Server Edition, is available at the time of installation. The LAMP option means you don’t have to install and integrate each of […]